NVD

Id
25822  
Name
CVE-2015-4364  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-06-15  
Modified Date
2016-06-09  
Seq
2015-4364  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
136205 25822 CVE-2015-4364 [oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)  View
136206 25822 CVE-2015-4364 72953  View
136207 25822 CVE-2015-4364 https://www.drupal.org/node/2445971  View
136208 25822 CVE-2015-4364 https://www.drupal.org/node/2449747  View
136209 25822 CVE-2015-4364 https://www.drupal.org/node/2452569  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7808 JVNDB-2015-003128 Drupal 用 Campaign Monitor モジュールの includes/campaignmonitor_lists.admin.inc におけるクロスサイトリクエストフォージェリの脆弱性 Drupal 用 Campaign Monitor モジュールの includes/campaignmonitor_lists.admin.inc には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2015-4364 81589 CVE-2015-4364 25822 6.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003128.html 2015-03-04 2015-06-17 View